fix: change password token check (#4934) (#4932)

DarkSky 2023-11-14 19:15:54 +08:00 committed by LongYinan
parent 8bcc886b46
commit 8d55e5cdf9
No known key found for this signature in database
GPG Key ID: C3666B7FC82ADAD7
2 changed files with 29 additions and 2 deletions


@ -23,6 +23,8 @@ import {
export const NextAuthOptionsProvide = Symbol('NextAuthOptions'); export const NextAuthOptionsProvide = Symbol('NextAuthOptions');
const TrustedProviders = ['google'];
export const NextAuthOptionsProvider: FactoryProvider<NextAuthOptions> = { export const NextAuthOptionsProvider: FactoryProvider<NextAuthOptions> = {
provide: NextAuthOptionsProvide, provide: NextAuthOptionsProvide,
useFactory( useFactory(
@ -51,6 +53,23 @@ export const NextAuthOptionsProvider: FactoryProvider<NextAuthOptions> = {
} }
return createUser(userData); return createUser(userData);
}; };
// linkAccount exists in the adapter
// eslint-disable-next-line @typescript-eslint/no-non-null-assertion
const linkAccount = prismaAdapter.linkAccount!.bind(prismaAdapter);
prismaAdapter.linkAccount = async account => {
// google account must be a verified email
if (TrustedProviders.includes(account.provider)) {
await prisma.user.update({
where: {
id: account.userId,
},
data: {
emailVerified: new Date(),
},
});
}
return linkAccount(account) as Promise<void>;
};
// getUser exists in the adapter // getUser exists in the adapter
// eslint-disable-next-line @typescript-eslint/no-non-null-assertion // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
const getUser = prismaAdapter.getUser!.bind(prismaAdapter)!; const getUser = prismaAdapter.getUser!.bind(prismaAdapter)!;
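Review bot: The `prisma.user.update` in the trusted-provider branch sets `emailVerified` before `linkAccount(account)` runs, so if the link call throws the user is left marked verified with no provider account attached; call `await linkAccount(account)` first and run the update only after it succeeds, or wrap both in a transaction. The branch also keys on `account.provider` alone rather than on any verified-email signal the provider returns, so every provider later added to `TrustedProviders` silently inherits the same treatment — a comment on the constant such as `// providers whose account email is treated as verified at link time` would make that assumption visible. The `as Promise<void>` on the return mirrors the non-null assertions used above; a return annotation on the wrapper would avoid the cast, though that is cosmetic. The enclosing useFactory continues outside the hunk.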


@ -135,9 +135,17 @@ export class AuthResolver {
@Args('token') token: string, @Args('token') token: string,
@Args('newPassword') newPassword: string @Args('newPassword') newPassword: string
) { ) {
// we only create user account after user sign in with email link
const id = await this.session.get(token); const id = await this.session.get(token);
if (!id || id !== user.id || !user.emailVerified) { if (!user.emailVerified) {
throw new ForbiddenException('Please verify the email first');
}
if (
!id ||
(id !== user.id &&
// change password after sign in with email link
// we only create user account after user sign in with email link
id !== user.email)
) {
throw new ForbiddenException('Invalid token'); throw new ForbiddenException('Invalid token');
} }
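Review bot: The new condition accepts a token whose session value equals `user.email` as well as `user.id`, which means any entry in the same session store that resolves to this user's email passes — including, if the store is shared, one minted by the email-link sign-in rather than by a change-password request; if that is the intended purpose binding it deserves a comment, otherwise change-password tokens should be keyed distinctly. Nothing in the hunk normalises the two sides of `id !== user.email`, so a value stored with different casing or padding would be rejected while the `user.id` path still works; confirm the link and the session store the same canonical form. The comments embedded inside the boolean expression make it hard to scan; move them above the `if` as `// tokens minted by the email-link sign-in are keyed by email, not user id` and keep `(id !== user.id && id !== user.email)` on one line. Whether the token is deleted after the password change is outside the hunk; if it is not, the same link remains usable until the session expires. changePassword continues past the end of the hunk.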